Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Bug Id
4706048
Date of Resolved Release
23-JAN-2007
Impact
Security vulnerabilities in the tip(1) command may allow a local unprivileged user to execute arbitrary code with the privileges of user uucp (uid 5).
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 111504-02
- Solaris 9 without patch 123368-01
- Solaris 10 without patch 124997-01
x86 Platform
- Solaris 8 without patch 111505-02
- Solaris 9 without patch 123369-01
- Solaris 10 without patch 124998-01
Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited to execute arbitrary commands with the privileges of the uucp (uid 5) user.
Workaround
To work around the described issue, remove the set-user-ID bit from the "tip" binary by issuing the following command:
# chmod u-s /usr/bin/tip
Note: removing the set-user-ID bit from the "tip" binary will prevent unprivileged users from using the "tip" command to access calling devices (like modems).
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 111504-02 or later
- Solaris 9 with patch 123368-01 or later
- Solaris 10 with patch 124997-01 or later
x86 Platform
- Solaris 8 with patch 111505-02 or later
- Solaris 9 with patch 123369-01 or later
- Solaris 10 with patch 124998-01 or later
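The following script is an added example, not part of the original advisory or vendor code. It classifies a host as patched, relying on the workaround, or still exposed, using the patch levels listed above. It assumes "showrev -p" prints one "Patch: <id>-<rev> ..." line per installed patch and that "uname -r" / "uname -p" report values such as 5.10 and sparc or i386; the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example, not vendor code. Needs a POSIX shell (on Solaris: ksh or
# /usr/xpg4/bin/sh). Assumes `showrev -p` lines look like "Patch: <id>-<rev> ...".

# Fixed patch for a `uname -r` / `uname -p` pair, from the advisory's tables.
required_patch() {
    case "$1/$2" in
        5.8/sparc)  echo 111504-02 ;;
        5.9/sparc)  echo 123368-01 ;;
        5.10/sparc) echo 124997-01 ;;
        5.8/i386)   echo 111505-02 ;;
        5.9/i386)   echo 123369-01 ;;
        5.10/i386)  echo 124998-01 ;;
        *) return 1 ;;
    esac
}

# Reads `showrev -p` output on stdin; succeeds if patch $1 is installed at that
# revision or later. Does not follow "Obsoletes:" to superseding patch IDs.
patch_at_least() {
    want_id=${1%-*}; want_rev=${1#*-}
    while read -r tag patch rest; do
        [ "$tag" = "Patch:" ] || continue
        [ "${patch%-*}" = "$want_id" ] || continue
        have=${patch#*-}   # two-digit revision; drop the zero padding to compare
        [ "${have#0}" -ge "${want_rev#0}" ] && return 0
    done
    return 1
}

# assess <release> <arch> <tip-path>, with `showrev -p` output on stdin.
assess() {
    want=$(required_patch "$1" "$2") || { echo UNSUPPORTED; return 0; }
    if patch_at_least "$want"; then echo PATCHED
    elif [ -u "$3" ]; then echo VULNERABLE       # unpatched and still set-user-ID
    else echo WORKAROUND                          # unpatched, set-user-ID bit absent
    fi
}

# Constructed sample of `showrev -p` output (package names are made up).
sample_showrev() {
    echo "Patch: 111504-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample"
    echo "Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWother"
}

# On a real host: showrev -p | assess "$(uname -r)" "$(uname -p)" /usr/bin/tip
sample_showrev | assess 5.8 sparc /usr/bin/tip    # prints PATCHED
```

A WORKAROUND result means the host is unpatched but the set-user-ID bit is absent from the given path, which is the state the chmod command in the Workaround section produces.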
References
111504-02
111505-02
123368-01
123369-01
124997-01
124998-01
Attachments
This solution has no attachment